
SAML Signature Validation


A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat's XmlDSig class, as shown in this example.


-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
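CREATE PROCEDURE ChilkatSample
AS
BEGIN
    -- Loads a SAML Response that carries an XML Digital Signature and verifies
    -- every <ds:Signature> found in it.  For each signature the SignatureValue is
    -- checked first, then every <ds:Reference> digest is checked on its own so a
    -- tampered element can be pointed at individually.  Both checks feed one
    -- overall verdict: a response is only accepted when every signature AND every
    -- reference digest verified.
    --
    -- Return code: 0 when everything verified, 1 otherwise (no signature present,
    -- LoadSignature failure, COM failure, or any failed check).  Results are also
    -- written with PRINT, as in the original sample.
    DECLARE @hr int
    DECLARE @success int
    DECLARE @dsig int
    DECLARE @numSignatures int
    DECLARE @numRefDigests int
    DECLARE @i int
    DECLARE @j int
    DECLARE @bVerifyRefDigests int
    DECLARE @bSignatureVerified int
    DECLARE @bDigestVerified int
    -- Read into text because it is concatenated into a PRINT below; the original
    -- sample declared it int -- confirm the property's type against the Chilkat
    -- reference.
    DECLARE @refFailReason nvarchar(4000)
    -- Stays 1 only while nothing has failed; a single bad digest flips it to 0.
    DECLARE @allVerified int
    SELECT @success = 0
    SELECT @allVerified = 1

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    EXEC @hr = sp_OACreate 'Chilkat.XmlDSig', @dsig OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN 1
    END

    -- The LoadSignature result must be checked: an unparsable document must not
    -- fall through to the loop below and look "verified" merely because
    -- NumSignatures ends up 0.
    EXEC @hr = sp_OAMethod @dsig, 'LoadSignature', @success OUT, 'XML xml signature goes here...'
    IF @hr <> 0 OR @success <> 1
    BEGIN
        PRINT 'LoadSignature failed'
        EXEC @hr = sp_OADestroy @dsig
        RETURN 1
    END

    -- A sample SAML signature is shown below..

    EXEC sp_OAGetProperty @dsig, 'NumSignatures', @numSignatures OUT
    IF @numSignatures IS NULL OR @numSignatures < 1
    BEGIN
        -- An unsigned response is a failure, not a vacuous success.
        PRINT 'No XML signature found in the document'
        EXEC @hr = sp_OADestroy @dsig
        RETURN 1
    END

    -- No verification key is handed to VerifySignature here, so verification
    -- presumably relies on the key material embedded in the signature's own
    -- <ds:KeyInfo> (see the sample below) -- confirm against the Chilkat
    -- reference.  A signature that verifies against an embedded certificate only
    -- proves the document is internally consistent; before trusting the assertion
    -- the caller still has to confirm that the signing certificate is the
    -- expected IdP certificate and that the signed Reference covers the assertion
    -- actually consumed.
    SELECT @i = 0
    WHILE @i < @numSignatures
      BEGIN
        EXEC sp_OASetProperty @dsig, 'Selector', @i

        -- 0 = check only the SignatureValue over SignedInfo in this call; the
        -- reference digests, which tie SignedInfo to the actual content, are
        -- checked one by one further down and folded into the same verdict.
        SELECT @bVerifyRefDigests = 0
        EXEC @hr = sp_OAMethod @dsig, 'VerifySignature', @bSignatureVerified OUT, @bVerifyRefDigests
        IF @hr <> 0
          BEGIN
            -- A failed COM call is treated as "not verified", never as a pass.
            SELECT @bSignatureVerified = 0
          END
        -- The int operands must be cast: 'text' + int makes SQL Server try to
        -- convert the text to int and raises a conversion error at runtime.
        IF @bSignatureVerified = 1
          BEGIN
            PRINT 'Signature ' + CAST(@i + 1 AS nvarchar(10)) + ' verified'
          END
        ELSE
          BEGIN
            PRINT 'Signature ' + CAST(@i + 1 AS nvarchar(10)) + ' invalid'
            SELECT @allVerified = 0
          END

        -- Check each of the reference digests separately..
        EXEC sp_OAGetProperty @dsig, 'NumReferences', @numRefDigests OUT
        IF @numRefDigests IS NULL OR @numRefDigests < 1
          BEGIN
            -- A signature with no references signs nothing of the document.
            PRINT 'Signature ' + CAST(@i + 1 AS nvarchar(10)) + ' has no references'
            SELECT @allVerified = 0
          END
        SELECT @j = 0
        WHILE @j < @numRefDigests
          BEGIN
            EXEC @hr = sp_OAMethod @dsig, 'VerifyReferenceDigest', @bDigestVerified OUT, @j
            IF @hr <> 0
              BEGIN
                SELECT @bDigestVerified = 0
              END
            PRINT 'reference digest ' + CAST(@j + 1 AS nvarchar(10)) + ' verified = ' + COALESCE(CAST(@bDigestVerified AS nvarchar(10)), 'NULL')
            IF @bDigestVerified IS NULL OR @bDigestVerified <> 1
              BEGIN
                SELECT @allVerified = 0
                EXEC sp_OAGetProperty @dsig, 'RefFailReason', @refFailReason OUT
                PRINT '    reference digest fail reason: ' + COALESCE(@refFailReason, '')
              END

            SELECT @j = @j + 1
          END

        SELECT @i = @i + 1
      END

    -- --------------------------------------
    -- Here is a sample SAML XML Signature
    -- 
    -- 
    -- <?xml version="1.0" encoding="UTF-8"?>
    -- <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
    --   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
    --   <saml2p:Status>
    --     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    --   </saml2p:Status>
    --   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
    --     <saml2:Issuer>https://idp.example.com</saml2:Issuer>
    --     <saml2:Subject>
    --       <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
    --     </saml2:Subject>
    --     <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
    --     <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
    --       <saml2:AuthnContext>
    --         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
    --       </saml2:AuthnContext>
    --     </saml2:AuthnStatement>
    --     <!-- Additional assertion content -->
    --   </saml2:Assertion>
    --   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    --     <ds:SignedInfo>
    --       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    --       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    --       <ds:Reference URI="#abc123">
    --         <ds:Transforms>
    --           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    --           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    --         </ds:Transforms>
    --         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    --         <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
    --       </ds:Reference>
    --       <!-- Additional references if present -->
    --     </ds:SignedInfo>
    --     <ds:SignatureValue>
    --       NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
    --     </ds:SignatureValue>
    --     <ds:KeyInfo>
    --       <ds:X509Data>
    --         <ds:X509Certificate>
    --           MIIDgzCCAmugAwIBAg...AgADAA==
    --         </ds:X509Certificate>
    --       </ds:X509Data>
    --     </ds:KeyInfo>
    --   </ds:Signature>
    -- </saml2p:Response>
    --
    -- Note that the Reference above points at the Response (URI="#abc123"); when
    -- the signature is on the Response rather than the Assertion, the Assertion is
    -- only protected if it is inside the signed element.

    EXEC @hr = sp_OADestroy @dsig

    -- One verdict for the whole document: anything short of "every signature and
    -- every reference digest verified" is a rejection.
    IF @allVerified = 1
      BEGIN
        PRINT 'All signatures and reference digests verified'
        RETURN 0
      END
    PRINT 'Signature verification FAILED - do not trust this document'
    RETURN 1
END
GO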